package me.pinion.check;

import com.jfinal.core.ActionInvocation;
import me.pinion.check.annotation.AllowRole;
import me.pinion.check.annotation.CheckBind;
import me.pinion.model.User;

import javax.servlet.http.HttpServletResponse;


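/**
 * Role-based access check bound to the {@link AllowRole} annotation.
 *
 * <p>Reads the current user from the session attribute {@code "user"} and rejects the request
 * with HTTP 403 unless {@link User#hasRoles} accepts the role names listed in the annotation.
 * A request with no user in the session is rejected the same way, so the check fails closed
 * for unauthenticated callers.
 */
@CheckBind(AllowRole.class)
public class RoleCheck extends AbstractCheck{

    /**
     * Decides whether the current session user may run the intercepted action.
     *
     * @param anno the annotation instance that triggered this check; cast to {@link AllowRole}
     * @param ai   the invocation whose controller supplies the session and renders the error
     * @return {@code 0} when the user passes the role check, {@code -1} when the request is denied
     */
    @Override
    public int onRequest(Object anno, ActionInvocation ai) {
        AllowRole allowed = (AllowRole) anno;
        String[] rolenames = allowed.value();

        User user = ai.getController().<User>getSessionAttr("user");

        // An anonymous request has no "user" attribute. Calling hasRoles on it would throw a
        // NullPointerException instead of producing a controlled denial, so treat a missing
        // user exactly like a user without the required roles.
        // NOTE(review): whether hasRoles means "all of" or "any of" the names is defined in
        // User, which is not visible here; confirm it matches the intent of @AllowRole.
        if (user == null || !user.hasRoles(rolenames)) {
            // Deny with 403 rather than redirecting to the login page. An earlier variant
            // redirected to "/login"; if that is wanted for anonymous users, decide it here.
            ai.getController().renderError(HttpServletResponse.SC_FORBIDDEN);
            return -1;
        }
        return 0;
    }
}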
